--- # Source: cilium/templates/hubble-generate-certs-job.yaml apiVersion: batch/v1 kind: Job metadata: name: hubble-generate-certs namespace: kube-system labels: k8s-app: hubble-generate-certs spec: template: metadata: labels: k8s-app: hubble-generate-certs spec: serviceAccount: hubble-generate-certs serviceAccountName: hubble-generate-certs containers: - name: certgen image: "{{ cilium_hubble_certgen_image_repo }}:{{ cilium_hubble_certgen_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} command: - "/usr/bin/cilium-certgen" # Because this is executed as a job, we pass the values as command # line args instead of via config map. This allows users to inspect # the values used in past runs by inspecting the completed pod. args: - "--cilium-namespace=kube-system" - "--ca-reuse-secret=true" - "--ca-secret-name=hubble-ca-secret" - "--ca-generate=true" - "--ca-validity-duration=94608000s" - "--hubble-server-cert-generate=true" - "--hubble-server-cert-common-name=*.{{ cilium_cluster_name }}.hubble-grpc.cilium.io" - "--hubble-server-cert-validity-duration=94608000s" - "--hubble-server-cert-secret-name=hubble-server-certs" - "--hubble-relay-client-cert-generate=true" - "--hubble-relay-client-cert-validity-duration=94608000s" - "--hubble-relay-client-cert-secret-name=hubble-relay-client-certs" - "--hubble-relay-server-cert-generate=false" hostNetwork: true restartPolicy: OnFailure ttlSecondsAfterFinished: 1800